diff --git a/newthread.php b/newthread.php
index 74156b4..0247dc9 100644
--- a/newthread.php
+++ b/newthread.php
@@ -68,8 +68,11 @@
$radio=iconid value=-1 $checked> None
Custom: $inpt=custposticon SIZE=40 MAXLENGTH=100 VALUE=\"". stripslashes($custposticon) ."\">
";
+<<<<<<< Updated upstream
$subject=htmlspecialchars($subject);
$question=htmlspecialchars($question);
+=======
+>>>>>>> Stashed changes
if ($nosmilies) $nosmilieschk = " checked";
if ($nohtml) $nohtmlchk = " checked";
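Review bot: The added lines `<<<<<<< Updated upstream`, `=======` and `>>>>>>> Stashed changes` are unresolved merge-conflict markers committed into newthread.php, and the third hunk adds the same three markers around the post-preview escaping. As far as the hunk shows they sit at statement level after the closing `";`, so PHP will reject the file with a parse error until they are removed. Resolving the conflict also means deciding whether the context lines `$subject=htmlspecialchars($subject);` and `$question=htmlspecialchars($question);` stay: if they run before the form in the next hunk is built, `htmlspecialchars(stripslashes($subject))` there encodes the value a second time. Separately, the custom-icon field above still prints `stripslashes($custposticon)` into a double-quoted VALUE attribute unescaped, and likely wants `htmlspecialchars(stripslashes($custposticon))` like the other fields. The enclosing block starts and ends outside the hunk.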
@@ -94,13 +97,13 @@
":"
$tccell1>Poll icon: $tccell2l colspan=2>$posticonlist
- $tccell1>Poll title: $tccell2l colspan=2>$inpt=subject SIZE=40 MAXLENGTH=100 VALUE=\"". stripslashes($subject) ."\">
- $tccell1>Question: $tccell2l colspan=2>$inpt=question SIZE=60 MAXLENGTH=255 VALUE=\"". stripslashes($question) ."\">
- $tccell1>Briefing: $tccell2l colspan=2>$txta=briefing ROWS=2 COLS=$numcols style=\"resize:vertical;\">". stripslashes($briefing) ."
+ $tccell1>Poll title: $tccell2l colspan=2>$inpt=subject SIZE=40 MAXLENGTH=100 VALUE=\"". htmlspecialchars(stripslashes($subject)) ."\">
+ $tccell1>Question: $tccell2l colspan=2>$inpt=question SIZE=60 MAXLENGTH=255 VALUE=\"". htmlspecialchars(stripslashes($question)) ."\">
+ $tccell1>Briefing: $tccell2l colspan=2>$txta=briefing ROWS=2 COLS=$numcols style=\"resize:vertical;\">". htmlspecialchars(stripslashes($briefing)) ."
$tccell1>Multi-voting:$tccell2l colspan=2>$radio=mltvote value=0 $checked0> Disabled   $radio=mltvote value=1 $checked1> Enabled
$tccell1>Choices: $tccell2l colspan=2>$choices
$tccell1>Post:$tccell2l width=800px valign=top>".replytoolbar(2)."
- $txta=message ROWS=21 COLS=$numcols style=\"width: 100%; max-width: 800px; resize:vertical;\">". stripslashes(htmlspecialchars($message)) ."
+ $txta=message ROWS=21 COLS=$numcols style=\"width: 100%; max-width: 800px; resize:vertical;\">". htmlspecialchars(stripslashes($message)) ."
$tccell2l width=*>".moodlist($moodid)."
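Review bot: The four new `htmlspecialchars(stripslashes(...))` calls rely on the function's default flags and charset, which differ between PHP versions; before 8.1 the default does not escape single quotes. The attributes in this hunk are double-quoted, so the values are contained either way, but passing the flags explicitly, e.g. `htmlspecialchars(stripslashes($subject), ENT_QUOTES)`, keeps the output the same wherever the board runs. `$choices` and `$posticonlist` are interpolated as-is here and are built outside the hunk, so whether user-supplied choice text is encoded cannot be confirmed from these lines. The string being assembled starts and ends outside the hunk.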
@@ -275,16 +278,23 @@
";
}
$mlt=($mltvote?'enabled':'disabled');
+ $subject = htmlspecialchars(stripslashes($subject));
+ $question = htmlspecialchars(stripslashes($question));
+ $briefing = htmlspecialchars(stripslashes($briefing));
+
$pollpreview="
- $question
- $tccell2ls colspan=3>$briefing
+ ". $question ."
+ $tccell2ls colspan=3>". $briefing ."
$pchoices
$tccell2ls colspan=3>Multi-voting is $mlt.
$tblend $tblstart
";
+<<<<<<< Updated upstream
$subject = htmlspecialchars(stripslashes($subject));
$question = htmlspecialchars(stripslashes($question));
$briefing = htmlspecialchars(stripslashes($briefing));
+=======
+>>>>>>> Stashed changes
}
loadtlayout();
$ppost=$user;
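Review bot: The three assignments added above `$pollpreview` duplicate the existing ones that remain below it, now wrapped in conflict markers. Once the markers are removed, `$subject`, `$question` and `$briefing` will pass through `htmlspecialchars(stripslashes(...))` twice. Anything that reads them after this block would then carry double-encoded entities (`&amp;amp;` in the markup), and the second `stripslashes` can eat legitimate backslashes. Keep only the new copy above the preview and delete the three trailing lines together with the markers. `$pchoices` goes into the preview unescaped and is built outside the hunk, so check that choice text is encoded where it is assembled.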
diff --git a/thread.php b/thread.php
index 24d3f13..12eed21 100644
--- a/thread.php
+++ b/thread.php
@@ -292,7 +292,7 @@
$link = "";
$choices .= "
- $tccell1l width=20%>$dot$link".($pollc['choice'])."
+ $tccell1l width=20%>$dot$link".htmlspecialchars($pollc['choice'])."
$tccell2l width=60%>$barpart
$tccell1 width=20%>".($poll['doublevote'] ? "$pct% of users, $votes ($pct2%)" : "$pct%, $votes")."
";
@@ -308,7 +308,7 @@
$polltbl = "$tblstart
$tccellc colspan=3>".htmlspecialchars($poll['question'])."
- $tccell2ls colspan=3>".nl2br(dofilters($poll['briefing']))."
+ $tccell2ls colspan=3>".nl2br(htmlspecialchars(dofilters($poll['briefing'])))."
$choices
$tccell2l colspan=3>$smallfont $polltext $tvotes_u user$s_have voted. $polledit
$tblend
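Review bot: In `nl2br(htmlspecialchars(dofilters($poll['briefing'])))` the escaping runs after `dofilters`, whose body is not visible here. Escaping last is the conservative order, since nothing downstream can reintroduce markup. But if `dofilters` emits any HTML of its own, that output will now be shown to readers as literal text. Please confirm which is intended and record it next to the call, e.g. `// briefing is plain text: escape after filtering so filter output cannot inject markup`. The `$polltbl` string continues outside the hunk.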